Hi, I won't have access to my key until sometime tomorrow. If you feel that an NMU is required before then, go right ahead. Otherwise I will fix it ASAP when I get back.
On Sat, Sep 17, 2005 at 10:26:05AM +0200, Martin Pitt wrote: > Hi! > > I requested a CAN number; when you fix this, please mention the number > in the changelog. > > Thanks! > > Martin > > ----- Forwarded message from "Steven M. Christey" <[EMAIL PROTECTED]> ----- > > Date: Fri, 16 Sep 2005 14:53:07 -0400 (EDT) > From: "Steven M. Christey" <[EMAIL PROTECTED]> > To: Martin Pitt <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED] > Subject: Re: CAN request: insecure temp file in gtkdiskfree > X-Spam-Status: No, score=0.7 required=4.0 tests=AWL,BAYES_50 autolearn=no > version=3.0.3 > > > > ====================================================== > Candidate: CAN-2005-2918 > URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2918 > Reference: VULNWATCH:20050915 gtkdiskfree insecure temporary file creation > Reference: MISC:http://www.zataz.net/adviso/gtkdiskfree-09052005.txt > Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=104565 > > The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and > earlier allows local users to overwrite arbitrary files via a symlink > attack on the gtkdiskfree temporary file. > > > ----- End forwarded message ----- > > -- > Martin Pitt http://www.piware.de > Ubuntu Developer http://www.ubuntulinux.org > Debian Developer http://www.debian.org -- Søren O. ,''`. : :' : GPG key id: 0x1EB2DE66 `. `' GPG signed mail preferred. `-
